admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-08-17 07:00:33 +00:00
parent f2f716bb6b
commit 5165aebe56
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
12 changed files with 827 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2023/25xxx/CVE-2023-25647.json
View File

@ -40,24 +40,36 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "NON_EEA_P870F21",
"version_value": "V1.0.0B07"
},
{
"version_affected": "<=",
"version_name": " GEN_ZTE_PQ82A01",
"version_value": "V1.0.0B18MR"
},
{
"version_affected": "<=",
"version_name": "GEN_ZTE_P870A01",
"version_value": "V3.0.0B05"
},
{
"version_affected": "<=",
"version_name": "GEN_ZTE_P898A01",
"version_value": "V2.0.0B16"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "V1.0.0B07",
"status": "affected",
"version": "NON_EEA_P870F21V1.0.0B01",
"versionType": "V1.0.0B07"
},
{
"lessThanOrEqual": "V1.0.0B18MR",
"status": "affected",
"version": " GEN_ZTE_PQ82A01V1.0.0B01MR",
"versionType": "V1.0.0B18MR"
},
{
"lessThanOrEqual": "V3.0.0B05",
"status": "affected",
"version": "GEN_ZTE_P870A01V3.0.0B01",
"versionType": "V3.0.0B05"
},
{
"lessThanOrEqual": "V2.0.0B16",
"status": "affected",
"version": "GEN_ZTE_P898A01V2.0.0B01",
"versionType": "V2.0.0B16"
}
],
"defaultStatus": "affected"
}
}
]
}

92
2023/34xxx/CVE-2023-34215.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34215",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@moxa.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation and improper authentication in the certification-generation function, which could potentially allow malicious users to execute remote code on affected devices.\u00a0\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moxa",
"product": {
"product_data": [
{
"product_name": "TN-5900 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.<br><ul><li>TN-5900 Series: Please upgrade to firmware v3.4 or higher.</li></ul>"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below.\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher.\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

104
2023/34xxx/CVE-2023-34216.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34216",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@moxa.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moxa",
"product": {
"product_data": [
{
"product_name": "TN-5900 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.3"
}
]
}
},
{
"product_name": "TN-4900 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:<br><ul><li>TN-4900 Series: Please contact Moxa Technical Support for a security patch.</li><li>TN-5900 Series: Please upgrade to firmware v3.4 or higher.</li></ul>"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-4900 Series: Please contact Moxa Technical Support for a security patch.\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher.\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}

104
2023/34xxx/CVE-2023-34217.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@moxa.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-delete function, which could potentially allow malicious users to delete arbitrary files. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Moxa",
"product": {
"product_data": [
{
"product_name": "TN-5900 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "3.3"
}
]
}
},
{
"product_name": "TN-4900 Series",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "1.0",
"version_value": "1.2.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities",
"refsource": "MISC",
"name": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230402-tn-5900-and-tn-4900-series-web-server-multiple-vulnerabilities"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:<br><ul><li>TN-4900 Series: Please contact Moxa Technical Support for a security patch.</li></ul><ul><li>TN-5900 Series: Please upgrade to firmware v3.4 or higher.</li></ul>"
}
],
"value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n * TN-4900 Series: Please contact Moxa Technical Support for a security patch.\n\n\n * TN-5900 Series: Please upgrade to firmware v3.4 or higher.\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
]
}

7
2023/39xxx/CVE-2023-39849.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \\inc\\function.php."
"value": "** DISPUTED ** Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \\inc\\function.php. NOTE: this is disputed by multiple third parties who report that the only role of Pikachu is to intentionally implement vulnerabilities for learning purposes; it is never employed for delivering services or functionality to end users."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://github.com/KLSEHB/vulnerability-report/blob/main/Pikachu_CVE-2023-39849",
"url": "https://github.com/KLSEHB/vulnerability-report/blob/main/Pikachu_CVE-2023-39849"
},
{
"refsource": "MISC",
"name": "https://github.com/zhuifengshaonianhanlu/pikachu/blob/master/README.md",
"url": "https://github.com/zhuifengshaonianhanlu/pikachu/blob/master/README.md"
}
]
}

75
2023/3xxx/CVE-2023-3244.json
View File

@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3244",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in versions up to, and including, 1.1.9. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to reset the plugin's settings. NOTE: After attempting to contact the developer with no response, and reporting this to the WordPress plugin's team 30 days ago we are disclosing this issue as it still is not updated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "happy-coders",
"product": {
"product_data": [
{
"product_name": "Comments Like Dislike",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.1.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66019297-a8a8-4bbc-99db-4b47066f3e50?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/66019297-a8a8-4bbc-99db-4b47066f3e50?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/comments-like-dislike/trunk/inc/classes/cld-admin.php#L99",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/comments-like-dislike/trunk/inc/classes/cld-admin.php#L99"
}
]
},
"credits": [
{
"lang": "en",
"value": "Hung Duong"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}

175
2023/40xxx/CVE-2023-40251.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40251",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vuln@krcert.or.kr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311 Missing Encryption of Sensitive DataCAPEC-",
"cweId": "CWE-311"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Genians",
"product": {
"product_data": [
{
"product_name": "Genian NAC V4.0",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Genian NAC V5.0",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Genian NAC Suite V5.0",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Genian ZTNA",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.genians.co.kr/notice/2023",
"refsource": "MISC",
"name": "https://www.genians.co.kr/notice/2023"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

175
2023/40xxx/CVE-2023-40252.json
View File

@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40252",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vuln@krcert.or.kr",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Genians",
"product": {
"product_data": [
{
"product_name": "Genian NAC V4.0",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "V4.0.156",
"status": "unaffected"
}
],
"lessThanOrEqual": "V4.0.155",
"status": "affected",
"version": "V4.0.0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Genian NAC V5.0",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "V5.0.42 (Revision 117461)",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.42 (Revision 117460)",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Genian NAC Suite V5.0",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "V5.0.55",
"status": "unaffected"
}
],
"lessThanOrEqual": "V5.0.54",
"status": "affected",
"version": "V5.0.0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Genian ZTNA",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "V6.0.16",
"status": "unaffected"
}
],
"lessThanOrEqual": "V6.0.15",
"status": "affected",
"version": "V6.0.0",
"versionType": "custom"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.genians.co.kr/notice/2023",
"refsource": "MISC",
"name": "https://www.genians.co.kr/notice/2023"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

20
2023/40xxx/CVE-2023-40253.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
@ -169,15 +169,15 @@
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]

16
2023/40xxx/CVE-2023-40254.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-494 Download of Code Without Integrity Check",
"cweId": "CWE-494"
"value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
"cweId": "CWE-94"
}
]
}
@ -168,16 +168,16 @@
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]

58
2023/40xxx/CVE-2023-40281.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40281",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in \"mail/template\" and \"products/product\" of Management page.\r\nIf this vulnerability is exploited, an arbitrary script may be executed on the web browser of the other administrator or the user who accessed the website using the product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS)"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "EC-CUBE CO.,LTD.",
"product": {
"product_data": [
{
"product_name": "EC-CUBE 2 series",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.11.0 to 2.17.2-p1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.ec-cube.net/info/weakness/20230727/",
"refsource": "MISC",
"name": "https://www.ec-cube.net/info/weakness/20230727/"
},
{
"url": "https://jvn.jp/en/jp/JVN46993816/",
"refsource": "MISC",
"name": "https://jvn.jp/en/jp/JVN46993816/"
}
]
}

18
2023/4xxx/CVE-2023-4396.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}